diff options
| author | mav <mav@FreeBSD.org> | 2017-01-21 08:15:19 +0000 |
|---|---|---|
| committer | mav <mav@FreeBSD.org> | 2017-01-21 08:15:19 +0000 |
| commit | bed161d653a1594e4c2e35282d76139599600cfc (patch) | |
| tree | 73352bed35fdbb1522d94949a6b85191ac2fd8b2 /sbin | |
| parent | ef59148ea0822705bf28a48ab2ad4698d04c91cd (diff) | |
| download | FreeBSD-src-bed161d653a1594e4c2e35282d76139599600cfc.zip FreeBSD-src-bed161d653a1594e4c2e35282d76139599600cfc.tar.gz | |
MFC r311623: Make do_buff_decode() not read past the end of the buffer.
Abort format processing as soon as we have no enough data.
Diffstat (limited to 'sbin')
| -rw-r--r-- | sbin/camcontrol/modeedit.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/sbin/camcontrol/modeedit.c b/sbin/camcontrol/modeedit.c index 8262c3c..c98e0c5 100644 --- a/sbin/camcontrol/modeedit.c +++ b/sbin/camcontrol/modeedit.c @@ -193,7 +193,14 @@ editentry_save(void *hook __unused, char *name) struct editentry *src; /* Entry value to save. */ src = editentry_lookup(name); - assert(src != NULL); + if (src == 0) { + /* + * This happens if field does not fit into read page size. + * It also means that this field won't be written, so the + * returned value does not really matter. + */ + return (0); + } switch (src->type) { case 'i': /* Byte-sized integral type. */ |
